<?php	/* gmslOpenSource 2008 */
/*
----------------------------------------------------------------------------------------
	Project name:		gmslappcore
	Section:		admin
----------------------------------------------------------------------------------------
	Script name:		banuser.php
	Script location:	./gmslappcore/admin/	(from system base)
	Script location:	./admin/		(from project base)
	Script version:		1.1
----------------------------------------------------------------------------------------
	Script info:		Admin users can access this page in order to ban a
				user, which prevents the user from logging on to 
				the system.
	Script dependencies:
 				~The user who tries to view this page must be an
 				admin user, otherwise a "unautherised message" will
 				be displayed.
----------------------------------------------------------------------------------------
	This script is part of the gmslappcore system which is released
	under the GNU licese.
	Copyright: 2008 Andrew Cornford
	Email: projects+gmslappcore@groupmsl.co.uk
	Website: www.groupmsl.co.uk?section=cms&page=view&t=gmslappcore&f=groupmsl Open Source/gmslappcore
----------------------------------------------------------------------------------------
	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <http://www.gnu.org/licenses/>.
----------------------------------------------------------------------------------------
*/
$pgtitle = "Ban a User";
$pgsubtitle="Ban someone that is a pain on your site";
		echo "<link href='../system/system.css' rel='stylesheet' type='text/css' />";
		require('../skin/header.php');
		require('../security/admin_and_advanced_only.php');
		switch($security)
			{
			case PASS:
			echo "<p class='headertext'>Ban a user.<font class='minitext'> $systemversion</font></p>";
			if(!$_POST['part'])
				{
				echo
				"<form action='$_SERVER[PHP_SELF]' method='POST' name='banuser' id='banuser'>
					<p class='normaltext'>Username: 
					<select name='loginusername'>";
						$login_username=mysql_query("SELECT username, fullname FROM `$tb_users` ORDER BY username") or die ($sql_db_error);
						while($row=mysql_fetch_array($login_username))
							{
							echo "<option value='$row[username]'>$row[username] - $row[fullname]</option>";
							}
					echo
					"</select>
					<input name='part' type='hidden' id='part' value='1'/>
					<input name='ban' type='submit' id='ban' value='Ban'/></p>
				</form>";
				}
			if($_POST['part']=='1')
				{
				$username=$_POST[loginusername];
				$userexsists_query=mysql_query("SELECT * FROM $tb_users WHERE username='$username'");
				$userexsists_result= mysql_fetch_assoc($userexsists_query);
				if(!$_POST[loginusername])
					{
					echo
					"<p class='normaltext'><p class='error'>Error!</p> You must specify a user to ban.</p>
					<meta http-equiv='Refresh' content='5;url=$_SERVER[PHP_SELF]' />";
					}
				else
					{
					if(!$userexsists_result)
						{
						echo
						"<p class='normaltext'><p class='error'>Error!</p> That user does not exsist.</p>
						<meta http-equiv='Refresh' content='5;url=$_SERVER[PHP_SELF]' />";
						}
					elseif($_POST['loginusername']=='Admin')
						{
						echo
						"<p class='normaltext'><p class='error'>Error!</p> You cannot ban the user 'Admin'.</p>
						<meta http-equiv='Refresh' content='5;url=./index.php' />";	
						}
					else
						{
						$banuser_go_query=("UPDATE $tb_users SET banned='Y' WHERE username='$username'");
						mysql_query($banuser_go_query);
						if(!mysql_query($banuser_go_query))
							{
							echo
							"<p class='normaltext'><p class='error'>Error!</p> There was a problem banning $username. Please try again.</p>
							<meta http-equiv='Refresh' content='5;url=$_SERVER[PHP_SELF]' />";
							}
						else
							{
							echo
							"<p class='normaltext'><p class='correct'>Congratulations!</p> The user $username has been banned!</p>
							<meta http-equiv='Refresh' content='5;url=./index.php' />";
							}
						}
					}
				}
			}
		require('../skin/footer.php');
?>
